author David Thompson <dthompson2@worcester.edu> 2018-03-25 10:49:21 -0400
committer David Thompson <dthompson2@worcester.edu> 2018-03-25 10:49:28 -0400
commit ebde1de7a2132333f6253cbe1823c88767626665
tree 5fcbe555f7c487167aeed1466192db63de66f66b
parent ae9a9d507bc665423230cd962e248c2ca5327d47
Update lp2018 talk.
-rw-r--r-- 2018-03-25-guix-libreplanet/distracted-boyfriend.png bin 0 -> 380604 bytes
-rw-r--r-- 2018-03-25-guix-libreplanet/guile-logo.png bin 0 -> 11808 bytes
-rw-r--r-- 2018-03-25-guix-libreplanet/guix-libreplanet.org 212
-rw-r--r-- 2018-03-25-guix-libreplanet/guix-libreplanet.pdf bin 315346 -> 1572504 bytes
-rw-r--r-- 2018-03-25-guix-libreplanet/oh-no.jpg bin 0 -> 153639 bytes
-rw-r--r-- 2018-03-25-guix-libreplanet/package-install.png bin 0 -> 313995 bytes
6 files changed, 185 insertions, 27 deletions
diff --git a/2018-03-25-guix-libreplanet/distracted-boyfriend.png b/2018-03-25-guix-libreplanet/distracted-boyfriend.png
new file mode 100644
index 0000000..c27b619
--- /dev/null
+++ b/2018-03-25-guix-libreplanet/distracted-boyfriend.png
Binary files differ
diff --git a/2018-03-25-guix-libreplanet/guile-logo.png b/2018-03-25-guix-libreplanet/guile-logo.png
new file mode 100644
index 0000000..4edcc16
--- /dev/null
+++ b/2018-03-25-guix-libreplanet/guile-logo.png
Binary files differ
diff --git a/2018-03-25-guix-libreplanet/guix-libreplanet.org b/2018-03-25-guix-libreplanet/guix-libreplanet.org
index 10a4594..fd5f2db 100644
--- a/2018-03-25-guix-libreplanet/guix-libreplanet.org
+++ b/2018-03-25-guix-libreplanet/guix-libreplanet.org
@@ -47,27 +47,32 @@
a wonderful set of rights, but often *difficult to exercise in
practice*
+ \begin{center}
+ \includegraphics[width=10cm]{distracted-boyfriend.png}
+ \end{center}
+
* common issues
- figuring out how to view the exact source for a running program is
- tricky
+ figuring out how to view the exact source for a running program can
+ be tricky
- - <explain>
+ - source packages are good but are a bit arcane
* common issues
building from source is difficult or sometimes impossible
+ - dependency hell
- non-standard build system
- build scripts make assumptions that aren't true for your system
+ - need multiple package managers
* common issues
- sharing source or binaries has many pitfalls
+ sharing binaries can be tricky, too
- - dependency hell
- - incompatible libraries between systems
- - high barrier to entry for common package managers
+ - high barrier to entry for common package formats
+ - binary bundles are convenient, but problematic
* common issues
@@ -102,15 +107,15 @@
- per-user profiles
- atomic updates and rollbacks
- reproducible builds
- - tools for many use-cases
+ - source-based with transparent binary downloads
* unprivileged package management
users can build and install software *without root privileges*
- tired: =sudo apt install emacs=
-
- wired: =guix package -i emacs=
+ \begin{center}
+ \includegraphics[width=8cm]{package-install.png}
+ \end{center}
* per-user profiles
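Review bot: replacing the =sudo apt install emacs= / =guix package -i emacs= lines with package-install.png leaves the "unprivileged package management" slide with no command in text, so the one concrete illustration of "without root privileges" can no longer be searched or copied from the .org source or the PDF. Keep =guix package -i emacs= as a text line under the image.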
@@ -130,6 +135,10 @@
oh no, the new version of Emacs is broken!
+ \begin{center}
+ \includegraphics[width=4cm]{oh-no.jpg}
+ \end{center}
+
=guix package --roll-back=
* transactional upgrades and rollbacks
@@ -143,6 +152,15 @@
no worries, just reboot and select the previous, working version
from the bootloader menu
+* a note about binaries
+
+ there is *no central point of trust* for receiving
+ pre-built binaries (we call them *substitutes*)
+
+ Guix is a *source-based* package manager, but will *transparently*
+ download pre-built binaries from a trusted third party, if
+ available.
+
* inspecting source code
quickly grab the source code for a package:
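Review bot: the two paragraphs added under "a note about binaries" read as contradicting each other: the first says there is *no central point of trust* for substitutes, the second says Guix downloads them "from a trusted third party" without saying who decides that the party is trusted. State that the user chooses which substitute servers to authorize, and can authorize none and build everything from source, so the audience does not hear "trusted third party" as a fixed project-run default.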
@@ -163,10 +181,21 @@
* sharing packages
- =guix build -L ~/daves-packages foo=
+ =guix build -L ~/my-packages foo=
<minimal package example>
+* development environments
+
+ =guix environment= is like Python’s virtualenv, Ruby’s rvm, Node’s
+ nvm, etc. but for *everything*
+
+ quick example: play with a Ruby REPL without installing Ruby
+
+ #+BEGIN_SRC sh
+ guix environment --ad-hoc ruby -- irb
+ #+END_SRC
+
* sharing development environments
#+BEGIN_SRC scheme
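Review bot: the context line <minimal package example> under "sharing packages" is still an unfilled placeholder, while the same commit replaces the other one (- <explain>) with real text. Either add the package definition or drop the line, since =guix build -L ~/my-packages foo= on its own does not show what goes into ~/my-packages.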
@@ -185,11 +214,58 @@
=guix environment --manifest=guix.scm=
-* experimenting in isolated environments
+* containerized environments
+
+ experiment in an environment that is isolated from the rest of the
+ system
+
+ example: a relatively constrained web browser
- how about a container?
+ #+BEGIN_SRC sh
+ guix environment --ad-hoc icecat \
+ --container \
+ --network \
+ --share=$HOME/.mozilla \
+ --share=$HOME/Downloads \
+ --expose=/tmp/.X11-unix
+
+ $ DISPLAY=:0.0 icecat
+ #+END_SRC
- =guix environment –-container --ad-hoc ruby -- irb=
+* containerized environments (advanced)
+
+ #+latex: \tiny{
+ #+BEGIN_SRC sh
+ # Create a Guix container that shares the host's network devices,
+ # GnuPG config, SSH config, and MySQL socket directory. The container
+ # includes all of the software that is needed to build the gem set
+ # with Bundler.
+ guix environment --container --network \
+ --share=$HOME/.gnupg --share=$HOME/.ssh --share=/run/mysqld --share=$HOME/Code \
+ --ad-hoc ruby@2.2 mariadb imagemagick libxml2 libxslt gcc-toolchain@4.9 \
+ gcc@4.9:lib make git coreutils openssh libffi pkg-config which sed gawk \
+ openssl grep findutils procps nss-certs sqlite inetutils rsync gnupg \
+ pinentry-tty
+ # Tweak the environment such that Ruby gems end up in the right place
+ # and their binaries can be found.
+ export GEM_HOME=$PWD/.gems
+ export PATH=$GEM_HOME/bin:$PATH
+ export LD_LIBRARY_PATH=$LIBRARY_PATH
+ export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh
+ gpg-agent --daemon --enable-ssh-support --default-cache-ttl=10800 \
+ --pinentry-program=$(which pinentry-tty)
+ # Create gem directory.
+ mkdir -p .gems
+ # Create /usr/bin/env so Ruby scripts work.
+ mkdir -p /usr/bin && ln -s $(which env) /usr/bin/env
+ # Bundle!
+ gem install bundler
+ bundle config build.nokogiri --use-system-libraries --with-xml2-include=$C_INCLUDE_PATH/libxml2
+ bundle
+ # Start the server!
+ rails server
+ #+END_SRC
+ #+latex: }
* sharing system configurations
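Review bot: in the advanced example, --share=$HOME/.gnupg and --share=$HOME/.ssh mount the host's private keys read-write into a container that also has --network and then runs gem install bundler and bundle, so any gem's install-time code runs with access to those keys. That undercuts the "isolated from the rest of the system" framing of the previous slide. The icecat example already uses --expose for /tmp/.X11-unix; mount ~/.ssh read-only with --expose as well, share only what gpg-agent actually needs to write, or say on the slide that these shares are a deliberate trade-off. Two smaller points: the block mixes the host-side guix environment command with commands typed inside the container without marking where the container shell starts, and the icecat block shows a $ prompt on only one of its two commands.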
@@ -239,6 +315,10 @@
hello
#+END_SRC
+ host your own Guix LAN party!
+
+ \tiny{(okay that sounds kinda boring)}
+
* reproducible builds
reproducible builds produce *bit-identical binaries* when performed
@@ -249,11 +329,13 @@
* reproducible builds
- this is a *cross-distro effort*, but Guix facilitates
- reproducibility more than others
+ this is a *cross-distro effort*, but Guix was built to facilitate
+ reproducibility from the beginning
see Chris Lamb's talk /“You think you're not a target? A tale of
- three developers...”/ from yesterday for more perspective
+ three developers...”/ from yesterday for a deeper dive
+
+ \center\huge{https://reproducible-builds.org}
* reproducible builds
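Review bot: \center\huge{https://reproducible-builds.org} uses \center as a bare command, which opens a center environment that is never closed, and \huge is a size switch that takes no argument, so the braces do not limit it and both settings can leak into whatever follows on the frame. The other slides in this patch use \begin{center} ... \end{center}; use the same form here with {\huge ...} inside it.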
@@ -267,7 +349,24 @@
is this build compromised?
- =guix challenge=
+ #+BEGIN_SRC sh
+ guix challenge emacs \
+ --substitute-urls=\
+ "https://mirror.hydra.gnu.org \
+ https://bobs-questionable-binaries.biz"
+ #+END_SRC
+
+* reasons for mismatched binaries
+
+ innocent build nondeterminism:
+ - timestamps
+ - hardware differences
+ - build directories
+ - bad parallelism
+
+ *or maybe…*
+
+ - malicious tampering
* customize packages
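Review bot: the guix challenge command will not parse as intended if typed as shown. After --substitute-urls=\ the continuation line is indented, so the shell ends the option word with an empty value and passes the quoted URL list as a separate argument; inside the quotes the second backslash-newline is dropped but the next line's indentation stays in the string. Keep the option and its opening quote on one line, for example --substitute-urls="https://mirror.hydra.gnu.org https://bobs-questionable-binaries.biz", and break the line before the option instead. On the "reasons for mismatched binaries" slide, consider adding one line on what the user should do when a mismatch is reported, since the list ends on "malicious tampering" with no next step.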
@@ -311,23 +410,30 @@
* interoperate with other systems
- or maybe you want something like snap or flatpak?
+ or maybe you want something similar to snap or flatpak?
make a tarball bundle that anyone can extract on their GNU/Linux
system:
=guix pack guile emacs geiser=
-* interoperate with other systems
+* import foreign packages
or maybe you want assistance translating foreign packages into Guix
packages:
- =guix import pypi flask=
+ #+BEGIN_SRC sh
+ guix import pypi flask
+ guix import gem pry
+ guix import elpa magit
+ #+END_SRC
+
+ and many more (CRAN, CPAN, Crate, etc.)
* literally: embedded
- GuixSD now runs on the Beaglebone Black single-board computer!
+ fun fact: GuixSD now runs on the Beaglebone Black single-board
+ computer!
#+latex: \scriptsize{
#+BEGIN_SRC scheme
@@ -348,22 +454,72 @@
#+END_SRC
#+latex: }
+ hopefully more ARM systems coming soon!
+
* extending guix
+ \begin{center}
+ \includegraphics[width=4cm]{guile-logo.png}
+ \end{center}
+
GuixSD is essentially a big Scheme library
- with a little Scheme know-how its easy to write new tools that use
- the exact same APIs that the core Guix tools use
+ with a little Scheme know-how its easy to write new packages,
+ services, and tools that use the exact same APIs that the core Guix
+ tools use
+
+* extending guix (silly example)
+
+ #+latex: \tiny{
+ #+BEGIN_SRC scheme
+ > (use-modules (guix packages) (gnu packages emacs))
+ > (for-each (lambda (name)
+ (display (string-append "hey, " name "! You're an Emacs dependency!\n")))
+ (sort (map car (package-inputs emacs)) string<))
+
+ hey, acl! You're an Emacs dependency!
+ hey, alsa-lib! You're an Emacs dependency!
+ hey, dbus! You're an Emacs dependency!
+ hey, giflib! You're an Emacs dependency!
+ hey, gnutls! You're an Emacs dependency!
+ hey, gtk+! You're an Emacs dependency!
+ hey, imagemagick! You're an Emacs dependency!
+ hey, libice! You're an Emacs dependency!
+ hey, libjpeg! You're an Emacs dependency!
+ hey, libotf! You're an Emacs dependency!
+ hey, libpng! You're an Emacs dependency!
+ hey, librsvg! You're an Emacs dependency!
+ hey, libsm! You're an Emacs dependency!
+ hey, libtiff! You're an Emacs dependency!
+ hey, libx11! You're an Emacs dependency!
+ hey, libxft! You're an Emacs dependency!
+ hey, libxml2! You're an Emacs dependency!
+ hey, libxpm! You're an Emacs dependency!
+ hey, m17n-lib! You're an Emacs dependency!
+ hey, ncurses! You're an Emacs dependency!
+ hey, zlib! You're an Emacs dependency!
+ #+END_SRC
+ #+latex: }
+
+* the stack
+
+ Core components written in Scheme:
+
+ - initial RAM disk
+ - init system (GNU Shepherd)
+ - package manager
* the freedom to contribute
- GNU Guix is a welcoming community:
+ The GNU Guix project has a welcoming community:
- - we have a *code of conduct* and *enforce* it
+ - we have a *code of conduct*
- we have started seeking new contributors via *Outreachy*
- we participate in *Google Summer of Code* every year
- oh, and no copyright assignment (in case you were wondering)
+ we need your help to bring GuixSD to a wider audience!
+
join us!
* thanks!
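Review bot: "its easy" in the rewritten line "with a little Scheme know-how its easy to write new packages," should be "it's easy"; the typo is carried over from the line being replaced. In the silly example, the REPL output (the "hey, acl! ..." lines) sits inside the #+BEGIN_SRC scheme block together with the > prompts, so it is highlighted as Scheme and the block cannot be evaluated as written; move the output to an #+BEGIN_EXAMPLE block or trim it to a few lines.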
@@ -378,3 +534,5 @@
© 2018 David Thompson
Licensed under Creative Commons Attribution Share-Alike 4.0
+
+ (sans the memes which I use under fair-use)
diff --git a/2018-03-25-guix-libreplanet/guix-libreplanet.pdf b/2018-03-25-guix-libreplanet/guix-libreplanet.pdf
index d7a49e0..bbed0ea 100644
--- a/2018-03-25-guix-libreplanet/guix-libreplanet.pdf
+++ b/2018-03-25-guix-libreplanet/guix-libreplanet.pdf
Binary files differ
diff --git a/2018-03-25-guix-libreplanet/oh-no.jpg b/2018-03-25-guix-libreplanet/oh-no.jpg
new file mode 100644
index 0000000..6ffeab8
--- /dev/null
+++ b/2018-03-25-guix-libreplanet/oh-no.jpg
Binary files differ
diff --git a/2018-03-25-guix-libreplanet/package-install.png b/2018-03-25-guix-libreplanet/package-install.png
new file mode 100644
index 0000000..4d6d1a8
--- /dev/null
+++ b/2018-03-25-guix-libreplanet/package-install.png
Binary files differ